Although identity and access management, or IAM, may have been around for more than a dozen years, mid- to large-sized organizations that have implemented an IAM solution of some sort may not be ready for the fact that it is evolving rapidly due to the onslaught of new cloud and mobile technologies.

With compliance pressures from government and industry regulations and the growing risk of security and privacy breaches, the need for an IAM system — used to manage user access within an organization — that can handle modern IT requirements is becoming more evident every day.

The challenge of handling cloud and mobile technologies is making a tough job even tougher, so just managing the basics of IAM is difficult for most organizations, based on the scale and complexity of the environment: a growing number of users, applications, and the integration challenges of fitting a solution, or solutions, to each unique business environment.

No matter where applications are located — in the cloud, on a mobile device, or in the data center, users need access to them to conduct business. Above all, user access must be managed in a way that secures corporate assets, protects privacy, and meets regulatory compliance requirements — especially if a user changes his/her relationship to the organization or when that relationship is terminated.

It’s incumbent upon organizations to manage these activities centrally to prove to auditors and compliance personnel that the right policies and controls are in place to govern access. Most organizations can’t generate a complete report of what a given set of users can access across the enterprise, and it would take days to compile this manually. And even fewer organizations can centrally report on user access to new cloud and mobile applications.